CVE-2025-63227 identifies a critical security vulnerability in the Mozart FM Transmitter's web management interface, specifically version WEBMOZZI-00287. The vulnerability exists in the /patch.php endpoint, which allows an authenticated administrator to upload arbitrary files without restriction. These files are saved in the /patch/ directory on the server. Because the uploaded files can include PHP webshells, an attacker can execute arbitrary commands remotely, effectively gaining full control over the affected system. This type of vulnerability is classified as an unrestricted file upload flaw, which is particularly dangerous when combined with administrative access, as it bypasses typical user restrictions and security controls. Although no CVSS score has been assigned and no exploits have been reported in the wild, the impact potential is severe. The vulnerability requires administrative credentials, so initial exploitation depends on credential compromise or insider threat. The Mozart FM Transmitter is used in FM broadcasting environments, making this a targeted risk for organizations managing radio transmission infrastructure. The lack of patch information indicates that mitigation may require vendor intervention or custom security controls. The vulnerability could lead to data breaches, service disruption, or use of the compromised system as a pivot point for further network attacks.

For European organizations, the impact of CVE-2025-63227 could be substantial, especially for broadcasters and media companies relying on Mozart FM Transmitter devices. Successful exploitation could result in full system compromise, allowing attackers to disrupt broadcasting services, manipulate transmitted content, or exfiltrate sensitive operational data. This could lead to reputational damage, regulatory penalties under GDPR if personal data is involved, and operational downtime affecting public communication channels. Additionally, compromised devices could be leveraged as footholds for lateral movement within critical infrastructure networks, increasing the risk of broader cyberattacks. The requirement for administrative credentials reduces the likelihood of opportunistic attacks but elevates the threat from insider actors or attackers who have already breached perimeter defenses. Given the strategic importance of broadcasting infrastructure in Europe for emergency communications and public information, this vulnerability poses a high risk to continuity and security.

To mitigate CVE-2025-63227, organizations should immediately restrict administrative access to the Mozart FM Transmitter web interface using strong authentication mechanisms such as multi-factor authentication (MFA) and IP whitelisting. Implement strict file upload validation on the /patch.php endpoint, ensuring only authorized file types and sizes are accepted, and consider disabling file uploads if not essential. Monitor the /patch/ directory for any unauthorized or suspicious files, employing file integrity monitoring tools. Network segmentation should isolate broadcasting management interfaces from general IT networks to limit lateral movement. Regularly audit administrative accounts and credentials to detect and revoke any unauthorized access. Engage with the vendor for patches or updates addressing this vulnerability and apply them promptly once available. Additionally, conduct penetration testing and vulnerability assessments focused on the broadcasting infrastructure to identify and remediate similar risks proactively.